CT-GAN: Malicious tampering of 3D medical imagery using deep learning

Yisroel Mirsky, Tom Mahler, Ilan Shelef, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

47 Scopus citations

Abstract

In 2018, clinics and hospitals were hit with numerous attacks leading to significant data breaches and interruptions in medical services. An attacker with access to medical records can do much more than hold the data for ransom or sell it on the black market. In this paper, we show how an attacker can use deep-learning to add or remove evidence of medical conditions from volumetric (3D) medical scans. An attacker may perform this act in order to stop a political candidate, sabotage research, commit insurance fraud, perform an act of terrorism, or even commit murder. We implement the attack using a 3D conditional GAN and show how the framework (CT-GAN) can be automated. Although the body is complex and 3D medical scans are very large, CT-GAN achieves realistic results which can be executed in milliseconds. To evaluate the attack, we focused on injecting and removing lung cancer from CT scans. We show how three expert radiologists and a state-of-the-art deep learning AI are highly susceptible to the attack. We also explore the attack surface of a modern radiology network and demonstrate one attack vector: we intercepted and manipulated CT scans in an active hospital network with a covert penetration test.

Original languageEnglish
Title of host publicationProceedings of the 28th USENIX Security Symposium
PublisherUSENIX Association
Pages461-478
Number of pages18
ISBN (Electronic)9781939133069
StatePublished - 1 Jan 2019
Event28th USENIX Security Symposium - Santa Clara, United States
Duration: 14 Aug 201916 Aug 2019

Publication series

NameProceedings of the 28th USENIX Security Symposium

Conference

Conference28th USENIX Security Symposium
Country/TerritoryUnited States
CitySanta Clara
Period14/08/1916/08/19

Fingerprint

Dive into the research topics of 'CT-GAN: Malicious tampering of 3D medical imagery using deep learning'. Together they form a unique fingerprint.

Cite this